CVE-2013-0429 – OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)
https://notcve.org/view.php?id=CVE-2013-0429
Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907460 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/c1ed8145c1b8 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http:/& •
CVE-2013-0426 – OpenJDK: logging insufficient access control checks (Libraries, 6664528)
https://notcve.org/view.php?id=CVE-2013-0426
Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907346 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139& •
CVE-2013-0425 – OpenJDK: logging insufficient access control checks (Libraries, 6664509)
https://notcve.org/view.php?id=CVE-2013-0425
Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139& •
CVE-2013-0431 – Oracle JRE Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2013-0431
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. Una Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 hasta Update 11 y OpenJDK versión 7 de Oracle, permite a los atacantes remotos asistidos por el usuario omitir el sandbox de seguridad Java por medio de vectores no especificados relacionados con JMX, también se conoce como "Issue 52", una vulnerabilidad diferente de CVE-2013-1490. Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. • https://www.exploit-db.com/exploits/24539 http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0237.html http://rhn.re •
CVE-2012-5076 – Oracle Java SE Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2012-5076
An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. • https://www.exploit-db.com/exploits/24309 https://www.exploit-db.com/exploits/22657 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html http://rhn.redhat.com/errata/RHSA-2012-1386.html http://rhn.redhat.com/errata/RHSA-2012-1391.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://secunia.com/advisories/51029 http://secunia.com/advisories/51326 http://secunia.com/advisories/51390 http://security.gentoo.org/glsa/glsa-201406-32.xml http:& •